Kibana Node.JS & VirtualHost


(Ben Martineau) #1

Hello guys,

First, i'm new in this forum, so if i'm writting/posting in the wrong Topic just move me into the right one :slight_smile:.

Context : I'm running kibana in a big enterprise, in cluster mode (many nodes), i got 3 nodes running with kibana only (frontend user). And all i want is to block all users pointing on my 3 kibana's server with there own FQDN/IP.

i want them to pass thought a F5 Load Balancer.

I do actualy that, with some iptables/firewalld rules that allow only my load balancer to establish connction with kibana.

This is working great with this configuration (users access kibana with specific domaine that load balancer ip's pointing on)

BUT this is not the "final" configuration that i want, if kibana's were running on Apache2 i could create a rule that allow only my domain but i don't know how to reproduce those settings with node JS !

Those are my questions :

Can i create VirtualHost on the actual Kibana Node.Js configuration ?
Is it Possible ?
Could i make modifications into "main" configuration file of the web server ?

Sorry for HUGE bloc of full texte !

Thanks everbody for reading me & answer my needs :slight_smile:


(Lee Drengenberg) #2

If your Kibana instance(s) were running on the same host as your F5 load balancer, the solution would be easy. You would just set kibana.yml server.host: localhost and then users outside of that host couldn't get to it but your load balancer could.
But that's probably not your case.

For your case where you probably have multiple hosts, I think firewalld is your best option. I don't think there's anything you can do with Kibana to only accept connects from some subset of IPs or hostnames.


(Ben Martineau) #3

Hi LeeDr, thanks you the quick reply. Yes indeed, if my kibana instance(s) were on the same host as the Load Balancer, i will be able to manage my "issue" with this parametter.

And yes, think firewalld still the best way to "sovle" my issue for now, we'll see in the next futur major upgrades if there any other way to do that.

Well, thanks you for your reply. I let this topic open for few days, in case of i found a better solutions and inform others.


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.